Policies and ACLs
Applying Routing Policies
To apply a routing policy, use the command appropriate to the client. Different protocols support different ways to apply policies, but there are some generalities. Policies applied with commands that use the keyword import-policy control the routes imported to the protocol from the switch routing table. The following are examples for the BGP and RIP protocols:
configure bgp import-policy [<policy-name> | none]
configure rip import-policy [<policy-name> | none]
Commands that use the keyword route-policy control the routes advertised or received by the protocol. For BGP and RIP, here are some examples:
configure bgp neighbor [<remoteaddr> | all] {address-family [ipv4-unicast | ipv4-multicast]} route-policy [in | out] [none | <policy>]
configure bgp peer-group <peer-group-name> route-policy [in | out] [none | <policy>]
configure rip vlan [<vlan-name> | all] route-policy [in | out] [<policy-name> | none]
Other examples of commands that use route policies include:
configure ospf area <area-identifier> external-filter [<policy-map> | none]
configure ospf area <area-identifier> interarea-filter [<policy-map> | none]
configure rip [vlan <vlan-name> | all] trusted-gateway [<policy-name> | none]
To remove a routing policy, use the none option in the command.
ACL Policies
ACLs are used to perform packet filtering and forwarding decisions on incoming traffic. Each packet arriving on an ingress port is compared to the access list applied to that port and is either permitted or denied. Permitted packets can also be forwarded to a specified QoS profile. Additionally, on the Aspen 8810 only, you can meter the packets. You can configure the switch to count permitted and denied (dropped) packets. Using ACLs has no impact on switch performance.
ACLs are typically applied to traffic that crosses Layer 3 router boundaries, but it is possible to use access lists within a Layer 2 virtual LAN (VLAN).
ACLs in ExtremeWare XOS apply to all traffic. This is somewhat different from the behavior in ExtremeWare. For example, if you deny all the traffic to a port, no traffic, including control packets such as OSPF or RIP, will reach the switch and the adjacency will be dropped. You must explicitly allow those types of packets (if desired). In ExtremeWare, an ACL that denied "all" traffic would allow control packets (those bound for the CPU) to reach the switch.
ACLs are often referred to as access lists.
The following sections apply to ACLs:
● ACL Policy File Syntax on page 183
● ACL Evaluation Precedence on page 187
● ACL Metering—Aspen 8810 Only on page 188
● Displaying and Clearing ACL Counters on page 190
ExtremeWare XOS 11.1 Concepts Guide 182
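Because an ExtremeWare XOS ACL that denies all traffic on a port also drops the OSPF and RIP control packets the switch needs to keep its adjacencies, a "block everything" policy has to permit that control traffic explicitly, ahead of the deny. The policy file below is an added example and is not taken from the guide; it assumes the entry / if / then policy-file syntax covered in the ACL Policy File Syntax section (page 183), uses IP protocol number 89 for OSPF and UDP destination port 520 for RIP, and the entry and counter names are chosen here for illustration.

```text
# Permit OSPF (IP protocol 89) so the routing adjacency survives the deny below
entry permit-ospf {
    if {
        protocol 89;
    } then {
        permit;
        count ospf-allowed;
    }
}

# Permit RIP (UDP, destination port 520) for the same reason
entry permit-rip {
    if {
        protocol udp;
        destination-port 520;
    } then {
        permit;
        count rip-allowed;
    }
}

# Everything else on the port is dropped; counting makes the drops visible
entry deny-everything-else {
    if {
    } then {
        deny;
        count dropped;
    }
}
```

The permit entries must precede the catch-all deny, since the first matching entry decides the packet's fate. The count actions give the operator a way to confirm, with the ACL counter display commands described later in the chapter, that control traffic is being admitted while the rest is dropped.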